Rene, > since I added 0.0.0.0 this in /usr/sbin/amavisd : > @inet_acl = qw( 127.0.0.1 [::1] 0.0.0.0/0 10.15.4.0/24 ); > to fix the DENIED ACCESS from IP 0.0.0.0, policy bank '' > that was causing amavisd to stuck and be very slow
Btw, I suggested to add 0.0.0.0 to the list (mask /32 is a default), not 0.0.0.0/0, which allows anyone in. But this is now besides the point. > iptables block everyting but the postfix server... Ok, that fixes the security side. > My log file is full of this : > > Dec 16 09:44:43 amavis[10166]: TIMING [total 5026 ms] - bdb-open: 5026 > (100%) 100, rundown: 0 (0%)100 > Dec 16 09:44:43 amavis[10161]: (10161-01) TROUBLE in process_request: Error > writing a SMTP response to the socket: Broken pipe at (eval 38) line 813. > Dec 16 09:44:43 amavis[10161]: (10161-01) Requesting process rundown after > fatal error > Dec 16 09:44:44 amavis[10155]: (10155-01) SMTP shutdown: Error writing a > SMTP response to the socket: Bad file descriptor at (eval 38) line 813. So it seems the 0.0.0.0 was just a red herring, the real issue is somewhere deeper. Inability to write response back to the socket indicates the client has already disconnected at this point in time. Pehaps it has disconnected immediately, which could explain the Net::Server's inability to obtain its IP address - client being already disconnected at the time Net::Server tried to fetch a peer IP address on a socket would result in seing an 'unspecified' IP address. Collect the complete log of events at log level 5, pertaining to one request (e.g. the 10161-01 above, use grep), along with the Postfix log entries pertaining to this same connection. It would not hurt to also collect a tcpdump of the tcp session. This should explain whether the client (Postfix smtp service) really disconnected immediately, or after a timeout, or did some other event cause a tcp session to break, making amavisd (and Net::Server) think the client disconnected. Perhaps some firewall issue? Or a tcp protocol stack problem. Mark ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
